VMware Expands Container Efforts

VMware adds a container registry and management portal to its vSphere Integrated Containers effort, with the promise of more features to come.

When Docker containers first emerged several years ago, the initial reaction from many industry experts was that they would become a competitive alternative to VMware. As it turns out, VMware in its own way is embracing containers and today at the VMworld conference announced further enhancements to support container deployments.
At the VMworld 2015 event, VMware first announced a preview of its vSphere Integrated Containers effort. Now, a year later, that effort is being expanded with a new enterprise container registry called Harbor and a container management portal called Admiral.
The basic premise behind vSphere Integrated Containers is that containers can run more securely inside of a vSphere hypervisor and benefit from some of VMware's existing vSphere tooling. Kit Colbert, vice president and general manager of cloud-native apps at VMware, explained during a VMworld keynote address that vSphere Integrated Containers enables users to launch containers inside of a vSphere virtual machine.
"We heard from customers that they need more," Colbert said.

Among the additional needs identified by VMware's container customers is a place to store containers securely, which is what the Harbor container registry is all about. Harbor is based on the open-source Docker Distribution project, which is the new incarnation of the Docker registry project, providing a place to store and deploy Docker images. Among the public implementations of Docker Registry is the Docker Hub, which provides a freely available repository of Docker application images.

Colbert said customers also told VMware that they needed a separate management portal for containers, which is where the Admiral project fits into the picture.
"vSphere administrators don't want to give application and development teams access into vSphere," he said. "So they need a place for the app teams to go and manage containers, which is exactly what we're providing with vSphere integrated containers now."
In a demonstration on the VMworld stage, Colbert showed the integration with role-based access control to provide secured access to the container deployment model. VMware's approach to security, however, is missing a few elements that Docker Inc. provides its users. Docker has an open-source project called Notary that helps secure Docker application images with a signed cryptography key. Docker has included Notary support inside of its commercial Docker Data Center platform. In addition, Notary is an implementation of The Update Framework (TUF) that aims to validate the integrity and authenticity of an image update, preventing the risk of man-in-the-middle attacks.
Currently, VMware's vSphere Integrated Containers is missing those features, but they might be coming in a future update. In a Twitter reply to eWEEK, Colbert commented, "We're working on it."
Colbert also announced on stage that VMware is collaborating with multiple partners for vSphere Integrated Containers, including CoreOS, Hashicorp, Mesosphere, Pivotal and Rancher. Colbert did not specifically mention Docker Inc. in his keynote. At the VMworld 2014 event, Docker Inc. CEO Ben Golub joined VMware CEO Pat Gelsinger onstage to talk about containers.
"At this point I don't believe we have commercial support with Docker Inc., but we're very open and eager to work with, not just Docker, but the entire ecosystem," Karthik Narayan, senior product manager of Cloud Native Apps at VMware, told eWEEK. "We have filed a couple of bugs with Docker for things that need to be fixed, and our engineers work with them [Docker]."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.